diff options
Diffstat (limited to 'updater/install.cpp')
-rw-r--r-- | updater/install.cpp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/updater/install.cpp b/updater/install.cpp index afa5195d0..295965047 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -35,6 +35,7 @@ #include <unistd.h> #include <utime.h> +#include <limits> #include <memory> #include <string> #include <vector> @@ -115,7 +116,7 @@ Value* PackageExtractFileFn(const char* name, State* state, std::string dest_path = args[1]; ZipArchiveHandle za = state->updater->GetPackageHandle(); - ZipEntry entry; + ZipEntry64 entry; if (FindEntry(za, zip_path, &entry) != 0) { LOG(ERROR) << name << ": no " << zip_path << " in package"; return StringValue(""); @@ -165,13 +166,18 @@ Value* PackageExtractFileFn(const char* name, State* state, const std::string& zip_path = args[0]; ZipArchiveHandle za = state->updater->GetPackageHandle(); - ZipEntry entry; + ZipEntry64 entry; if (FindEntry(za, zip_path, &entry) != 0) { return ErrorAbort(state, kPackageExtractFileFailure, "%s(): no %s in package", name, zip_path.c_str()); } std::string buffer; + if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) { + return ErrorAbort(state, kPackageExtractFileFailure, + "%s(): Entry `%s` Uncompressed size exceeds size of address space.", name, + zip_path.c_str()); + } buffer.resize(entry.uncompressed_length); int32_t ret = |